U mÃfã@s‚ddlZddlZddlmZddlZddlZddlZddlZddl Zddl Zej   d¡Z Gdd„dƒZdd„Zdd „Zd d „ZdS) éN)Úurlparsez_dns.resolver.arpac@s6eZdZdd„Zdd„Zdd„Zdd„Zd d d „Zd S) Ú _SVCBInfocCs||_||_||_||_dS©N)Úbootstrap_addressÚportÚhostnameÚ nameservers)Úselfrrrr©r ú6/opt/hc_python/lib/python3.8/site-packages/dns/_ddr.pyÚ__init__sz_SVCBInfo.__init__cCs.|dD] \}}|dkr||jkrdSqdS)zIVerify that the _SVCBInfo's address is in the cert's subjectAltName (SAN)ÚsubjectAltNamez IP AddressTF)r)r ÚcertÚnameÚvaluer r r Úddr_check_certificate!sz_SVCBInfo.ddr_check_certificatecCstjj}| ¡}|jj|_|Sr)ÚdnsÚqueryÚsslÚcreate_default_contextÚ TLSVersionÚTLSv1_2Úminimum_version)r rÚctxr r r Úmake_tls_context(s z_SVCBInfo.make_tls_contextc Cs”| ¡}t ¡|}t |j|jf|¡b}|j||jdF}| t j   |¡¡|  ¡|  ¡}| |¡W5QR£W5QR£SQRXW5QRXdS)N)Úserver_hostname)rÚtimeÚsocketÚcreate_connectionrrÚ wrap_socketrÚ settimeoutrrÚ _remainingÚ do_handshakeÚ getpeercertr)r ÚlifetimerÚ expirationÚsÚtsrr r r Úddr_tls_check_sync.s  ÿz_SVCBInfo.ddr_tls_check_syncNc Ãs¨|dkrtj ¡}| ¡}t ¡|}| tj |j¡t j dd|j|j f|||j ¡IdH4IdHš6}|  tj |¡¡IdH}| |¡W5QIdHR£SQIdHRXdS)Nr)rZ asyncbackendZget_default_backendrrZ make_socketÚinetZaf_for_addressrrÚ SOCK_STREAMrrr#rr!r)r r$Úbackendrr%r'rr r r Úddr_tls_check_async:s"    ø z_SVCBInfo.ddr_tls_check_async)N)Ú__name__Ú __module__Ú __qualname__r rrr(r,r r r r rs  rc Cs¾|j}tj |¡sgSg}|j ¡D]’}g}|j tjj j j ¡}|dkrLq$t |j ƒ}|jjdd}d}|j tjj j j¡}|dk rŠ|j}d|kr:|j tjj j j¡}|dks$|j d¡s¾q$|jdd… ¡} |  d¡sâd| } |dkrîd}d|›d |›| ›} z t| ƒ| tj | |¡¡Wntk r8YnXd |krh|dkrRd }| tj |||¡¡d |kr˜|dkr€d }| tj ||d|¡¡t|ƒd kr$| t||||ƒ¡q$|S)NT)Zomit_final_dotsh2s{?dns}iúÿÿÿú/i»zhttps://ú:sdotiUsdoqr)Z nameserverrr)Z is_addressZrrsetZprocessing_orderÚparamsÚgetZrdtypesZsvcbbaseZParamKeyZALPNÚsetZidsÚtargetZto_textZPORTrZDOHPATHrÚendswithÚdecodeÚ startswithrÚappendZ DoHNameserverÚ ExceptionZ DoTNameserverZ DoQNameserverÚlenr) ÚanswerrÚinfosZrrrÚparamZalpnsÚhostrÚpathÚurlr r r Ú_extract_nameservers_from_svcbMsZ      ÿ  ÿ rBc CsJg}t|ƒ}|D]4}z| |¡r,| |j¡Wqtk rBYqXq|S)úVReturn a list of TLS-validated resolver nameservers extracted from an SVCB answer.)rBr(Úextendrr:©r<r$rr=Úinfor r r Ú_get_nameservers_syncs rGc ÃsPg}t|ƒ}|D]:}z | |¡IdHr2| |j¡Wqtk rHYqXq|S)rCN)rBr,rDrr:rEr r r Ú_get_nameservers_asyncsrH)rrÚ urllib.parserZdns.asyncbackendrZdns.inetZdns.nameZdns.nameserverZ dns.queryZdns.rdtypes.svcbbaserZ from_textZ_local_resolver_namerrBrGrHr r r r Ús  34